Advisories » MGASA-2014-0087

Updated imagemagick package fixes security vulnerabilities

Publication date: 21 Feb 2014
Modification date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1958 , CVE-2014-2030

Description

A buffer overflow flaw was found in the way ImageMagick handled PSD images
that use RLE encoding. An attacker could create a malicious PSD image file
that, when opened in ImageMagick, would cause ImageMagick to crash or,
potentially, execute arbitrary code with the privileges of the user running
ImageMagick (CVE-2014-1958).

A buffer overflow flaw was found in the way ImageMagick writes PSD images when
the input data has a large number of unlabeled layers (CVE-2014-2030).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12742
• http://secunia.com/advisories/56844/
• https://bugzilla.redhat.com/show_bug.cgi?id=1067276
• https://bugzilla.redhat.com/show_bug.cgi?id=1064098
• https://www.cve.org/CVERecord?id=CVE-2014-1958
• https://www.cve.org/CVERecord?id=CVE-2014-2030

SRPMS

3/core

• imagemagick-6.8.1.1-2.1.mga3

4/core

• imagemagick-6.8.7.0-2.1.mga4